News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Ben Ramsey's Blog:
Peruser MPM for Apache
December 01, 2005 @ 07:12:35

In his quest for a secure method of server-side security in addition to PHP, Ben Ramsey stumbled across Peruser MPM, an Apache security module, seemingly with PHP in mind. In this latest blog post he details what lead him there.

A while back, when I was doing some research for a talk on server-side security for PHP, I looked into various "secure" methods for setting up a server for multiple users. Despite my search, I couldn't find a simple and effective solution for managing a server with a large (and untrusted) user base (as is the case with many virtual hosting companies).

Sure, there's PHP's safe_mode, but its "safety" is misleading at best. There's also open_basedir, which helps a little, but it's not quite enough. For my research, I also looked at and tested mod_security, and the Hardened PHP Project's Hardening Patch.

Eventually, through this comment, he found Peruser MPM, a module that runs each Apache process with its own user/group combination. He notes a few issues that it still has (breaking mod_ssl and making Apache less scalable), but overall, it does sound pretty cool...

1 comment voice your opinion now!
apache peruser MPM unique user group security apache peruser MPM unique user group security


blog comments powered by Disqus

Similar Posts

Secunia.com: PHP Integer Overflow Vulnerability and Security Bypass

Community News: PEAR Group Elections 2008-2009 (Nominations)

Demian Turner's Blog: Seagull 0.6.4 Release (fixes Security Isse from 0.6.3)

Devshed: Simple and Secure PHP Login Script

PHPBuilder.com: Installing Apache and PHP under Win32


Community Events

Don't see your event here?
Let us know!


community series laravel opinion language version library release unittest threedevsandamaybe voicesoftheelephpant extension api symfony introduction interview laravel5 security framework podcast

All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework